* feat(gateway): standalone approval deep-link page
Squash-rebased #103698 segment onto the typed-actions tip on current main.
Adds the tokenless /approve/{id} standalone approval UI served by the
gateway control-UI router, gateway-store ephemeral login fix (selectGateway
only on changed URL), and approval-page i18n strings.
Drift reconciliation: union-merged i18n translation-memory caches and
regenerated locale metadata via control-ui-i18n sync (33 approvalPage keys
remain English fallbacks in minor locales, as on the original branch).
(cherry picked from commit c82f56011bfe9f0debb8ebe052f14590c187340d)
(cherry picked from commit 80f5636a8b67a3d6a5f330620541a39d4ef3fe6f)
(cherry picked from commit a3e300d337a92bf1b593a0bb52b7ec4549910a21)
(cherry picked from commit 860ad01f9658bba54cb3d59644e5e1a032c0bb3f)
(cherry picked from commit d8b697b28a847950a1797da07fc0ae4c24928492)
(cherry picked from commit 8a654e3271fd5721358812f961a7a7bb386d6726)
(cherry picked from commit 2f776d2e7bf910271fcbd9697597f6f5478b0f30)
(cherry picked from commit 14e64e6e4d763be830830801eeec1a6f17441688)
(cherry picked from commit 4df9ec828d0034fdc76540ff0fe341e599b0f281)
(cherry picked from commit e52968f4ab)
(cherry picked from commit 7214fc25013966f99ff4b2d506aa2f5f789e2113)
(cherry picked from commit c6259ff79787c759c136086e1a54c9ead8e89539)
(cherry picked from commit a58d9f271d27481615f0c94a828704c563d5354f)
(cherry picked from commit dcf1cb6d98)
* fix(ui): preserve approval page gateway auth
* fix(ui): keep approval disconnects fail closed
* style(ui): format approval disconnect copy
* feat(fleet): per-cell disk limits, egress policy, backup/restore, logs, and doctor
- fleet create --disk <size> caps the container writable layer via --storage-opt;
unsupported storage backends fail create with an actionable support-matrix
error, and the limit replays across upgrade/restore through a fleet-owned
container label because Podman inspect has no HostConfig.StorageOpt.
- fleet create --network bridge|internal adds an opt-in no-egress mode on
Podman (published loopback port keeps working, verified live); Docker
internal cells are rejected fail-closed because Docker does not publish
loopback ports on internal networks.
- fleet backup/restore: per-tenant 0600 tar archives with manifest tenant
binding, symlink/hardlink rejection, byte and path-segment budgets,
root-bounded extraction, atomic no-overwrite publish, lease fencing, and
Gateway token rotation on restore; failures preserve displaced data and
never leave a force-stopped or half-started cell serving silently.
- fleet logs: ownership-asserted, bounded, token-redacted on both streams,
with a generation re-check so a concurrent restore cannot leak a rotated
token.
- fleet doctor: read-only per-cell audit of ownership labels, health,
hardening drift, loopback port binding, token presence, network egress
mode, and 0700 state-dir permissions; any failed finding exits nonzero.
Cross-runtime checks are grounded in live-verified Docker 28/Podman 4.9
inspect shapes (CapDrop vs EffectiveCaps, missing StorageOpt, missing
network containers map).
Related: #104436 (v1 shipped in #104527)
* fix(fleet): harden streamed log redaction and root restore ownership
- redacting stream writer honors target backpressure, retains secret-prefix
overlap across forced long-line flushes, and never splits a token between
emitted chunks
- root-invoked restores repair ownership for explicit non-root user mappings
instead of leaving root-owned 0700 state trees
- fleet logs merges the shipped --follow streaming surface (#104669) with the
v1.1 token-redaction contract
* fix(fleet): stream partial log lines live and report phase-accurate restore recovery paths
- the redacting log writer emits safe text on every chunk (retaining only a
possible token prefix) so unterminated progress output streams immediately
- restore failure notes distinguish pre-swap, displaced, and swapped states so
operators recover the correct tree, and an unavailable runtime inspection is
reported as an unverified replacement instead of silence
* fix(fleet): reject backslash archive paths, guard stderr pipes, and validate disk-limit labels in doctor
- restore/backup path rules reject literal backslashes so a tampered entry
cannot validate as one path and extract as another on POSIX
- fleet logs handles broken pipes on stderr as well as stdout
- fleet doctor fails malformed disk-limit labels that would break
upgrade/restore replay instead of reporting them as passing
* feat(ui): replace Overview page with Connection settings and sidebar attention chips
* feat(ui): open new-session drafts on the chat start screen hero
* refactor(ui): drop old overview-hints paths after rename
* chore(i18n): sync control-ui locale bundles for connection/palette/attention keys
* test(ui): expect attention slot above the sidebar update card
* chore(i18n): re-sync locale bundles after rebase onto main
* test(ui): stub sidebar-attention RPCs in app-sidebar unit tests
* test(ui): use a non-secret-shaped token fixture in connection view test
* refactor(ui): destructure gateway connection in connection settings draft
* refactor(ui): keep connection settings code out of secret-scanner shapes
* test(ui): expect Connection in the settings Connections group
* improve(ui): idle-refresh sidebar attention chips for always-visible windows
* chore(i18n): refresh raw-copy baseline after rebase
* docs(ui): note the unknown-route chat fallback covers retired paths
* feat(ui): redesign composer run-status indicator as chrome-free status text
* feat(ui): replace run-status text with transcript working spark
* fix(ui): keep working spark through reloads, dodge running tool rows, show mobile interrupted toast
* fix(ui): satisfy lint on tool-stream marker access
The latest stable package exposes both names via the deprecated
openclaw/plugin-sdk/infra-runtime subpath. Compat now lives in the barrel
itself with the old substring semantics and a removal plan; core runtime no
longer uses them. Also converts the chat mapping switch to an if-chain for
switch-exhaustiveness lint.
FailoverReason timeout is the retryable-transient bucket and deliberately
swallows generic 5xx, so it cannot drive the user-facing timeout badge.
Rate-limit/overload/context mapping stays on the canonical reason; the
timeout badge now requires isTimeoutError. HTTP 500 badges stay unknown.
Deletes the naive substring detectErrorKind from infra/errors; the chat error
badge now maps resolveFailoverReasonFromError into the protocol errorKind set,
with refusal kept as a chat-local stop-reason check. Fixes drift where a Groq
TPM 413 showed context_length instead of rate_limit and quota/CJK/socket
errors showed unknown.
Part of #104219 (seam 5, slice 1).
* fix(control-ui): use canonical thinkingDefault key in Quick Config
The Control UI Quick Config panel was reading and writing the
non-canonical key agents.defaults.thinkingLevel, which is rejected
by the gateway's strict Zod schema with INVALID_REQUEST errors.
Fix: read from and write to agents.defaults.thinkingDefault instead.
The schema already defines this key and the runtime already reads it
at cfg.agents?.defaults?.thinkingDefault, so this is purely a UI path
correction with zero runtime changes.
The fast-mode control is left unchanged pending a maintainer decision
on its intended scope (per-agent, per-model, or new global default).
Refs #104501
* test(control-ui): prove quick thinking persistence
* docs(changelog): note Quick Config thinking fix
* chore: keep changelog release-owned
---------
Co-authored-by: Erick Kinnee <erick@ekinnee.dev>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* feat(gateway): add sessions.files.set workspace file write with hash CAS (#104698)
* feat(ui): CodeMirror file editor panel with CAS save + clickable tool-card paths (#104698)
* fix(gateway): issue the file CAS hash only for strict-UTF-8 text (#104698)
* docs(web): document the editable file detail panel (#104698)
* fix(gateway,ui): round-trip BOM and CRLF bytes through the file editor (#104698)
* fix(ui): keep mixed-line-ending files read-only in the file editor (#104698)
* fix(ui): re-gate editability when a conflict reload returns non-editable content (#104698)
* fix(gateway): reject NUL bytes in sessions.files.set replacement content (#104698)
* fix(gateway,ui): regenerate protocol bindings, fix prod types and lint for file editor (#104698)
* fix(sessions): read zstd transcript archives through a materialized cache
Compressed archives were discovered but unreadable: the reset-archive
header probe read raw zstd bytes and every JSONL reader parsed them as
malformed lines, so compressed archives silently contributed zero
history and zero usage. Archives are write-once, so they materialize
once into a plain JSONL cache under the OpenClaw tmp dir and every
downstream reader (index, tail chunks, probes, usage scans) works
unchanged; the usage scanner also decompresses directly for whole-file
iteration.
* fix(sessions): keep usage byte-range semantics for compressed archives
Route zstd archive usage reads through the materialized plain-JSONL
cache so persisted incremental-scan offsets always measure decompressed
bytes; the whole-file decompress branch ignored requested ranges and
could overcount archived usage.
* fix(sessions): normalize compressed archives to decompressed space at usage discovery
Sizes, incremental offsets, and cache signatures for zstd archives now
all measure the materialized plain-JSONL cache, closing the truncation
window when persisted offsets from the compressed path met decompressed
reads.
* fix(sessions): gate the archive read cache on source identity
Every materialized-cache hit now stats the source archive: a deleted or
budget-evicted archive scrubs its cache entries instead of serving
stale plaintext, and the cache name carries the source size so a
same-path rewrite can never alias.
* fix(sessions): include source mtime in the archive cache identity
Same-path same-size rewrites can no longer alias a stale plaintext
cache entry; any source change mints a new cache name and the previous
entries are scrubbed on the next materialization.
* fix(sessions): bound and isolate the materialized archive cache
Cache entries expire on a 24h TTL sweep so budget-evicted archives
cannot leave plaintext copies behind, stale-identity scrubbing skips
the live identity and in-flight temp files, and unique temp names plus
last-rename-wins make concurrent materialization race-free.
* fix(sessions): drop useless probe-path initializer flagged by lint